1. get the self signed certificate
  2. put it into some (e.g. ~/git-certs/cert.pem) file
  3. set git to trust this certificate using http.sslCAInfo parameter.

In more details:

Get self signed certificate of remote server

Assuming, the server url is repos.sample.com and you want to access it over port 443.

There are multiple options, how to get it.

get cert using openssl

$ openssl s_client -connect repos.sample.com:443

Catch the output into a file cert.pem and delete all but part between (and including) -BEGIN CERTIFICATE- and -END CERTIFICATE-

Content of resulting file ~/git-certs/cert.pem may look like this:

-----BEGIN CERTIFICATE-----

MIIDnzCCAocCBE/xnXAwDQYJKoZIhvcNAQEFBQAwgZMxCzAJBgNVBAYTAkRFMRUw

EwYDVQQIEwxMb3dlciBTYXhvbnkxEjAQBgNVBAcTCVdvbGZzYnVyZzEYMBYGA1UE

ChMPU2FhUy1TZWN1cmUuY29tMRowGAYDVQQDFBEqLnNhYXMtc2VjdXJlLmNvbTEj

MCEGCSqGSIb3DQEJARYUaW5mb0BzYWFzLXNlY3VyZS5jb20wHhcNMTIwNzAyMTMw

OTA0WhcNMTMwNzAyMTMwOTA0WjCBkzELMAkGA1UEBhMCREUxFTATBgNVBAgTDExv

d2VyIFNheG9ueTESMBAGA1UEBxMJV29sZnNidXJnMRgwFgYDVQQKEw9TYWFTLVNl

Y3VyZS5jb20xGjAYBgNVBAMUESouc2Fhcy1zZWN1cmUuY29tMSMwIQYJKoZIhvcN

AQkBFhRpbmZvQHNhYXMtc2VjdXJlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP

ADCCAQoCggEBAMUZ472W3EVFYGSHTgFV0LR2YVE1U//sZimhCKGFBhH3ZfGwqtu7

mzOhlCQef9nqGxgH+U5DG43B6MxDzhoP7R8e1GLbNH3xVqMHqEdcek8jtiJvfj2a

pRSkFTCVJ9i0GYFOQfQYV6RJ4vAunQioiw07OmsxL6C5l3K/r+qJTlStpPK5dv4z

Sy+jmAcQMaIcWv8wgBAxdzo8UVwIL63gLlBz7WfSB2Ti5XBbse/83wyNa5bPJPf1

U+7uLSofz+dehHtgtKfHD8XpPoQBt0Y9ExbLN1ysdR9XfsNfBI5K6Uokq/tVDxNi

SHM4/7uKNo/4b7OP24hvCeXW8oRyRzpyDxMCAwEAATANBgkqhkiG9w0BAQUFAAOC

AQEAp7S/E1ZGCey5Oyn3qwP4q+geQqOhRtaPqdH6ABnqUYHcGYB77GcStQxnqnOZ

MJwIaIZqlz+59taB6U2lG30u3cZ1FITuz+fWXdfELKPWPjDoHkwumkz3zcCVrrtI

ktRzk7AeazHcLEwkUjB5Rm75N9+dOo6Ay89JCcPKb+tNqOszY10y6U3kX3uiSzrJ

ejSq/tRyvMFT1FlJ8tKoZBWbkThevMhx7jk5qsoCpLPmPoYCEoLEtpMYiQnDZgUc

TNoL1GjoDrjgmSen4QN5QZEGTOe/dsv1sGxWC+Tv/VwUl2GqVtKPZdKtGFqI8TLn

/27/jIdVQIKvHok2P/u9tvTUQA==

-----END CERTIFICATE-----

get cert using your web browser

I use redmine with git repos and I access the same url for web UI and for git command line access. This way, I had to add exception for that domain into my web browser.

Using Firefox, I went to Options -> Advanced -> Certificates -> View Certificates -> Servers, found there the selfsigned host, selected it and using Export button I got exactly the same file, as created using openssl.

Note: I was a bit surprised, there is no name of the authority visibly mentioned. This is fine.

Having the trusted certificate in dedicated file

Previous steps shall result in having the certificate in some file. It does not matter, what file it is as long as it is visible to your git when accessing that domain. I used ~/git-certs/cert.pem

Note: If you need more trusted selfsigned certificates, put them into the same file:

-----BEGIN CERTIFICATE-----

MIIDnzCCAocCBE/xnXAwDQYJKoZIhvcNAQEFBQAwgZMxCzAJBgNVBAYTAkRFMRUw

...........

/27/jIdVQIKvHok2P/u9tvTUQA==

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

AnOtHeRtRuStEdCeRtIfIcAtEgOeShErExxxxxxxxxxxxxxxxxxxxxxxxxxxxxxw

...........

/27/jIdVQIKvHok2P/u9tvTUQA==

-----END CERTIFICATE-----

This shall work (but I tested it only with single certificate).

Configure git to trust this certificate

$ git config --global http.sslCAInfo /home/javl/git-certs/cert.pem

You may also try to do that system wide, using --system instead of --global.

And test it: You shall now be able communicating with your server without resorting to:

$ git config --global http.sslVerify false #NO NEED TO USE THIS

If you already set your git to ignorance of ssl certificates, unset it:

$ git config --global --unset http.sslVerify

and you may also check, that you did it all correctly, without spelling errors:

$ git config --global --list

what should list all variables, you have set globally. (I mispelled http to htt).

configure Git to accept a particular self-signed server certificate for a particular https remote的更多相关文章

  1. Git: untrack a file in local repo only and keep it in the remote repo

    You could update your index: git update-index --assume-unchanged nbproject/project.properties and ma ...

  2. How To Set Up Apache with a Free Signed SSL Certificate on a VPS

    Prerequisites Before we get started, here are the web tools you need for this tutorial: Google Chrom ...

  3. git clone 远程仓库报错error setting certificate verify locations

    系统:windows10 今天从github上克隆项目时报错: 原因: 1.git配置没有修改 之前配置的是公司gitlab账号的信息,和我当前要克隆的github的配置信息不同,没有注意修改 2.执 ...

  4. git克隆出错 github clone Permission denied (publickey) fatal Could not read from remote repo

    原文网址:http://blog.csdn.net/feeling450/article/details/53067563 github clone "Permission denied ( ...

  5. Visual Studio 默认git拉取Github出错 No error could not read Username for 'https://github.com': terminal prompts disabled

    发布到远程存储库时遇到错误: Git failed with a fatal error.fatal: HttpRequestException encountered.   ��������ʱ��� ...

  6. Xcode4 布置Git环境Your working copy is out of date. Try pulling from the remote to get the latest change

    今天布置环境的时候发现一个问题:Your working copy is out of date. Try pulling from the remote to get the latest chan ...

  7. git clone报错:“server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none”

    I can push by clone project using ssh, but it doesn't work when I clone project with https. it shows ...

  8. 解决dotnet错误 System.InvalidOperationException Message=Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.

    开始=>设置=>manage user certificats  (管理用户证书),里面所有的.net core的全部删除 然后控制台执行: dotnet dev-certs https ...

  9. net core启动报错Unable to configure HTTPS endpoint. No server certificate was specified

    这是因为net core2.1默认使用的https,如果使用Kestrel web服务器的话没有安装证书就会报这个错 其实仔细看他的错误提示,其中有一句叫你执行一个命令安装证书的语句: dotnet ...

随机推荐

  1. 使用canvas截图或者改变灰度

    简述 html5新添加的canvas API可以让我们对画布进行开发应用,典型的是可以使用canvas截图或者 手工绘制“迷你图”(即嵌入在文本中的高清小图片). 实现截图的方法很简单,就是创建一个c ...

  2. 最基本的javascript native carousel (1)

    原理:主要运用z-index这个属性来设置图片的展示和隐藏,代码如下: <!DOCTYPE html> <html lang="en"> <head& ...

  3. 深入浅出JS的封装与继承

    JS虽然是一个面向对象的语言,但是不是典型的面向对象语言.Java/C++的面向对象是object - class的关系,而JS是object - object的关系,中间通过原型prototype连 ...

  4. asp.net开发的一些问题

    关于Ajax说法错误的是( ).(选择一项) MVC是一种流行的软件设计模式,它把系统分为三个模块.三个模块为( ). 在ASP.NET中,关于WebService的说法正确的是( ) .NET中Ob ...

  5. tomcat启动时候报错Can't convert argument: null

    一.启动报错: 为了避免导入的项目重名,我先修改了前一个项目的名称. 重新启动该项目至tomcat,报错:java.lang.IllegalArgumentException: Cant conver ...

  6. 【精粹系列】PHP精粹

    本文地址 分享提纲: 1. 概述 2. 精粹内容 2.1 语言结构 2.2 大小写问题 2.3 变量函数 2.4 常量相关函数   2.5 字符串的使用 2.6 函数 2.7 数据库操作 2.8 自动 ...

  7. FacadePattern(门面模式)

    /** * 外观模式(门面模式) * @author TMAC-J * 外观模式是通过访问一个前台来实现对子系统的访问,其和代理模式的区别是 * 代理模式是通过代理一个类的形式,也就是说一对一的关系 ...

  8. 浅谈CommandBehavior枚举的独特之处

    提供对查询结果和查询对数据库的影响 此枚举有一个 FlagsAttribute 属性,通过该属性可使其成员值按位组合. 命名空间:  System.Data程序集:  System.Data(在 Sy ...

  9. 用html5的canvas画布绘制贝塞尔曲线

    查看效果:http://keleyi.com/keleyi/phtml/html5/7.htm 完整代码: <!DOCTYPE html PUBLIC "-//W3C//DTD XHT ...

  10. MSSQL 分页

    使用数据库分页返回用户数据有如下好处:1.减少服务器磁盘系统地读取压力2.减少网络流量,减轻网络压力3.减轻客户端显示数据的压力4.提高处理效率. 一般而言分页处理分为两种:应用程序中的分页(查询出所 ...